PandaLabs has detected a spam message currently being sent to users which tries to get recipients to visit an advertising page and which also downloads a Trojan to users computers.
The characteristics of the message are:
From: the name of the sender is variable, although it tries to make recipients think it has been sent by the BBC or CNN.
Subject: “Osama Bin Laden Captured”,
Message text: “Hey, Just got this from CNN, Osama Bin Laden has been captured! Goto the link below to view the pics and to download the video if you so wish: (Internet address) “Murderous coward he is”. God bless America!”.
The address indicated in the message takes users to what appears to be an advertising page. However, the page contains code that exploits a vulnerability (detected by Panda antivirus as Exploit/MIE.CHM). The code also downloads and runs a file (detected as VBS/Psyme.C). Finally, a file called EXPLOIT.EXE, which contains the Trojan Trj/Small.B is downloaded from Internet onto users’ machines.
Panda Software advises users to treat e-mails received with caution and to update their antivirus software. The company has already made the updates to its products available to users to ensure their solutions can deal with this threat. Similarly, users can also detect and disinfect malicious code using the free, online antivirus, Panda ActiveScan, which is also available on the company’s website at http://www.pandasoftware.com.